./rc.d/apache.sh apachectl startssl script

I made a cert with a passwd, and I'm curious if I can start apache with apachectl startssl with a 1-line command.
Or do I have to write a start script that catches the password prompt and inserts the passwd? To tell the truth, I'm too bad at sh scripting, and I think one of you has done it already; may I have an example of one?

First let's clarify some terminology ...

So, your cert private key is encrypted with a passphrase and you want to avoid being prompted for passphrase every time on startup?

You need to understand that you want to encrypt your private key with a passphrase to prevent others who are able to get access to your keyfile from extracting the private key, except those who know the passphrase (presumably you). This is especially so if the server is not yours, as at least the system root will be able to extract the private key if it is unencrypted.

If the actual passphrase can be found unencrypted in the system somewhere, then this defeats the purpose of using a passphrase at all in the first place. By having the key encrypted, and the passphrase requested on system startup, the passphrase need not be saved anywhere on the disk.

If you are the administrator of the server and only you have access to the keyfile, then it is reasonably safe to have the key unencrypted. This page tells you how:

http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html.en#removepassphrase
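
Added example (not part of the original posts or the Apache documentation): a check to run after removing the passphrase, reporting whether a key file is still encrypted and, if it is not, whether anyone other than the owner can access it. The function name `key_status` and the file names `server.key` / `server.key.org` are assumptions; the sample files are constructed and contain no real key material.

```shell
#!/bin/sh
# Prints one of: encrypted | plain-owner-only | plain-exposed | missing
key_status() {
    f=$1
    [ -f "$f" ] || { echo missing; return 2; }

    # Traditional PEM keys mark encryption with a "Proc-Type: 4,ENCRYPTED"
    # header; PKCS#8 keys use a "BEGIN ENCRYPTED PRIVATE KEY" armor line.
    if grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo encrypted
        return 0
    fi

    # Unencrypted key: nothing protects it except file permissions, so
    # group and other must have no access at all.
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" = "------" ]; then
        echo plain-owner-only
        return 0
    fi
    echo plain-exposed
    return 1
}

# Constructed sample files: only the header lines matter to the check.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'CONSTRUCTED' \
        '-----END RSA PRIVATE KEY-----' > "$d/server.key.org"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END RSA PRIVATE KEY-----' > "$d/server.key"
    chmod 644 "$d/server.key"
    echo "server.key.org:    $(key_status "$d/server.key.org")"
    echo "server.key (0644): $(key_status "$d/server.key")"
    chmod 400 "$d/server.key"
    echo "server.key (0400): $(key_status "$d/server.key")"
    rm -rf "$d"
}
demo
```

A `plain-exposed` result means the unencrypted key is accessible to accounts other than its owner, which is the situation the answer above warns about.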

Thanks.
Yes, I am root on that server.
:)

I read that page, all done, no problems.
Now apachessl doesn't ask for passwd.
Thanks :)